Journal Home > Volume 20, Issue 6




Cloud Platform Based Automated Security Testing System for Mobile Internet

Dan Tao, Zhaowen Lin, Cheng Lu
School of Electronic and Information Engineering, Beijing Jiaotong University, Beijing 100044, China
Jiangsu High Technology Research Key Laboratory for Wireless Sensor Networks, Nanjing 210003, China.
Network and Information Center, Institute of Network Technology, Science and Technology on Information Transmission and Dissemination in Communication Networks Laboratory, National Engineering Laboratory for Mobile Network Security, Beijing University of Posts and Telecommunications, Beijing 100876, China.

Abstract

With respect to security, the use of various terminals in the mobile Internet environment is problematic. Traditional terminal testing methods cannot simulate actual testing environments; thus, the test results do not accurately reflect the security of terminals. To address this problem, we designed and developed a cloud platform based automated testing system for the mobile Internet. In this system, virtualization and automation technology are utilized to integrate mobile terminals into the cloud platform as a resource, to achieve a novel cloud service called Testing as a Service (TaaS). The system consists of three functional modules: web front-end module, testing environment module, and automated testing module. We adopted the automated penetration testing tool Metasploit to perform security testing. In our test experiments, we selected 100 apps with diverse vulnerability levels, ranging from secure to vulnerable, to perform a series of functional tests. The experimental results show that this system can correctly test both the number of vulnerable apps and their corresponding vulnerability levels. As such, the designed system can flexibly configure various testing environments for different testing cases or projects, and thereby perform security testing automatically.

Keywords: virtualization, automated security testing, cloud platform, Metasploit


Publication history

Received: 13 July 2015
Revised: 28 September 2015
Accepted: 20 October 2015
Published: 17 December 2015
Issue date: December 2015

Copyright

© The author(s) 2015

Acknowledgements

This work was supported by the National Natural Science Foundation of China (No. 61202431), the National High-Tech Research and Development (863) Program of China (No. 2013AA014702), Beijing Higher Education Young Elite Teacher Project (No. YETP0535), the Open Project Program of Jiangsu High Technology Research Key Laboratory for Wireless Sensor Networks, and the Scientific Research Foundation for the Returned Overseas Chinese Scholars, Ministry of Education.
